diff --git a/README.Source b/README.Source index 36312f7..b762b0c 100644 --- a/README.Source +++ b/README.Source @@ -4,4 +4,4 @@ directory "dlcompat-20010505/" from the source tarball If you want to see the original sources you can download them from: - http://asg.web.cmu.edu/sasl/ + ftp://ftp.cyrusimap.org/cyrus-sasl diff --git a/cyrus-sasl-2.1.22-gcc44.patch b/cyrus-sasl-2.1.22-gcc44.patch deleted file mode 100644 index 381c618..0000000 --- a/cyrus-sasl-2.1.22-gcc44.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: plugins/digestmd5.c -=================================================================== ---- plugins/digestmd5.c.orig 2006-05-17 18:46:17.000000000 +0200 -+++ plugins/digestmd5.c 2009-03-02 21:00:49.000000000 +0100 -@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv - "DIGEST-MD5", /* mech_name */ - #ifdef WITH_RC4 - 128, /* max_ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, -@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie - "DIGEST-MD5", - #ifdef WITH_RC4 /* mech_name */ - 128, /* max ssf */ --#elif WITH_DES -+#elif defined(WITH_DES) - 112, - #else - 1, diff --git a/cyrus-sasl-2.1.23.tar.bz2 b/cyrus-sasl-2.1.23.tar.bz2 deleted file mode 100644 index bf7adb0..0000000 --- a/cyrus-sasl-2.1.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:441dc9960262de54511653e4b9a7d7100443074c3540aebaa4bb552a691740f2 -size 1287516 diff --git a/cyrus-sasl-2.1.25.tar.bz2 b/cyrus-sasl-2.1.25.tar.bz2 new file mode 100644 index 0000000..4ffa03a --- /dev/null +++ b/cyrus-sasl-2.1.25.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eb6e66b93a1d18182905e737cbe2cbdaaa70dcfa677afc2f4cd3b0df59c16161 +size 1330164 diff --git a/cyrus-sasl-gcc4.patch b/cyrus-sasl-gcc4.patch index ff915d3..0c1e09c 100644 --- a/cyrus-sasl-gcc4.patch +++ b/cyrus-sasl-gcc4.patch @@ -1,6 +1,8 @@ ---- lib/saslint.h +Index: lib/saslint.h +=================================================================== +--- lib/saslint.h.orig +++ lib/saslint.h -@@ -109,8 +109,6 @@ +@@ -118,8 +118,6 @@ typedef struct { const char *appname; } sasl_global_callbacks_t; diff --git a/cyrus-sasl-gs2-not-overwrite-minor-error-code.dif b/cyrus-sasl-gs2-not-overwrite-minor-error-code.dif new file mode 100644 index 0000000..d739cac --- /dev/null +++ b/cyrus-sasl-gs2-not-overwrite-minor-error-code.dif @@ -0,0 +1,55 @@ +From df039a4aba685990e47e5edb7bc9e09ff7daf56a Mon Sep 17 00:00:00 2001 +From: Ralf Haferkamp +Date: Fri, 18 Nov 2011 10:06:22 +0100 +Subject: [PATCH] Don't overwrite minor error code before retrieving the error + message + +--- + plugins/gs2.c | 16 +++++++++------- + 1 files changed, 9 insertions(+), 7 deletions(-) + +Index: cyrus-sasl-2.1.25/plugins/gs2.c +=================================================================== +--- cyrus-sasl-2.1.25.orig/plugins/gs2.c ++++ cyrus-sasl-2.1.25/plugins/gs2.c +@@ -531,6 +531,11 @@ fprintf(stderr,"gss_acquire_cred over an + ret = SASL_OK; + + cleanup: ++ if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) { ++ sasl_gs2_seterror(text->utils, maj_stat, min_stat); ++ ret = SASL_FAIL; ++ } ++ + if (initialContextToken) + gss_release_buffer(&min_stat, &input_token); + gss_release_buffer(&min_stat, &name_buf); +@@ -538,10 +543,6 @@ cleanup: + gss_release_buffer(&min_stat, &output_token); + gss_release_name(&min_stat, &without); + +- if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) { +- sasl_gs2_seterror(text->utils, maj_stat, min_stat); +- ret = SASL_FAIL; +- } + if (ret < SASL_OK) + sasl_gs2_free_context_contents(text); + +@@ -838,13 +839,14 @@ static int gs2_client_mech_step(void *co + oparams->doneflag = 1; + + cleanup: +- gss_release_buffer(&min_stat, &output_token); +- gss_release_buffer(&min_stat, &name_buf); +- + if (ret == SASL_OK && maj_stat != GSS_S_COMPLETE) { + sasl_gs2_seterror(text->utils, maj_stat, min_stat); + ret = SASL_FAIL; + } ++ ++ gss_release_buffer(&min_stat, &output_token); ++ gss_release_buffer(&min_stat, &name_buf); ++ + if (ret < SASL_OK) + sasl_gs2_free_context_contents(text); + diff --git a/cyrus-sasl-implicitfunc.dif b/cyrus-sasl-implicitfunc.dif deleted file mode 100644 index e7538cc..0000000 --- a/cyrus-sasl-implicitfunc.dif +++ /dev/null @@ -1,28 +0,0 @@ -Index: cyrus-sasl-2.1.22/lib/auxprop.c -=================================================================== ---- cyrus-sasl-2.1.22.orig/lib/auxprop.c -+++ cyrus-sasl-2.1.22/lib/auxprop.c -@@ -41,7 +41,7 @@ - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -- -+#include - #include - #include - #include -Index: cyrus-sasl-2.1.22/saslauthd/auth_shadow.c -=================================================================== ---- cyrus-sasl-2.1.22.orig/saslauthd/auth_shadow.c -+++ cyrus-sasl-2.1.22/saslauthd/auth_shadow.c -@@ -63,6 +63,10 @@ - # include - # endif /* ! HAVE_GETUSERPW */ - -+#ifdef HAVE_CRYPT_H -+#include -+#endif -+ - # include "auth_shadow.h" - # include "globals.h" - /* END PUBLIC DEPENDENCIES */ diff --git a/cyrus-sasl-saslauthd.changes b/cyrus-sasl-saslauthd.changes index 70db596..236054e 100644 --- a/cyrus-sasl-saslauthd.changes +++ b/cyrus-sasl-saslauthd.changes @@ -1,8 +1,32 @@ ------------------------------------------------------------------- -Sun Sep 18 00:16:00 UTC 2011 - jengelh@medozas.de +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de - Remove redundant tags/sections from specfile -- Use %_smp_mflags for parallel build ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de diff --git a/cyrus-sasl-saslauthd.spec b/cyrus-sasl-saslauthd.spec index 321af18..fd1d63d 100644 --- a/cyrus-sasl-saslauthd.spec +++ b/cyrus-sasl-saslauthd.spec @@ -23,18 +23,18 @@ BuildRequires: libtool License: BSD4c(or similar) Group: Productivity/Networking/Other Url: http://asg.web.cmu.edu/sasl/ -Provides: cyrus-sasl:/usr/sbin/saslauthd -Provides: cyrus-sasl2:/usr/sbin/saslauthd Summary: The SASL Authentication Server -Version: 2.1.23 +Version: 2.1.25 Release: 14 Source: cyrus-sasl-%{version}.tar.bz2 Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf Patch: cyrus-sasl.dif Patch1: shared_link_on_ppc.patch Patch2: cyrus-sasl-gcc4.patch -Patch3: cyrus-sasl-implicitfunc.dif -Patch4: cyrus-sasl-2.1.22-gcc44.patch +Patch3: cyrus-sasl-gs2-not-overwrite-minor-error-code.dif +Patch4: gssapi-null-deref.dif PreReq: %insserv_prereq %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -46,7 +46,7 @@ should authenticate with PAM, for example. License: BSD4c(or similar) Summary: The cyrus-sasl LDAP auxprop plugin Group: Productivity/Networking/Other -Requires: cyrus-sasl +Requires: cyrus-sasl = %{version} %description -n cyrus-sasl-ldap-auxprop The LDAP auxprop plugin allows for tighter application/directory @@ -56,7 +56,7 @@ integration. License: BSD4c(or similar) Summary: SQL auxprop plugin for cyrus-sasl Group: Development/Libraries/C and C++ -Requires: cyrus-sasl +Requires: cyrus-sasl = %{version} %description -n cyrus-sasl-sqlauxprop The SQL auxprop plugin supports PostgreSQL and MySQL @@ -67,57 +67,36 @@ The SQL auxprop plugin supports PostgreSQL and MySQL %patch1 %patch2 %patch3 -p1 -%patch4 +%patch4 -p1 %build find . -name \*.cvsignore -print0 | xargs -0 rm -vf -%{suse_update_config -f config} -%{suse_update_config -f saslauthd/config} -# has old libtool macros (and nothing else) -rm -f acinclude.m4 -rm -f saslauthd/acinclude.m4 -rm -rf autom4te.cache -rm -rf saslauthd/autom4te.cache -libtoolize --force -aclocal -I cmulocal -I config -autoheader -autoconf -automake --add-missing --include-deps -autoconf -cd saslauthd -aclocal -I ../cmulocal -I config -I ../config -autoheader -autoconf -automake --add-missing --include-deps -cd - +autoreconf -f -i export CFLAGS="-fno-strict-aliasing $RPM_OPT_FLAGS -DLDAP_DEPRECATED" -export CPPFLAGS=-I/usr/include/heimdal -./configure --libdir=%{_libdir} \ - --with-plugindir=%{_libdir}/sasl2 \ - --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ - --prefix=/usr \ - --sysconfdir=/etc \ - --mandir=%{_mandir} \ - --with-saslauthd=/var/run/sasl2/ \ - --enable-checkapop=no \ - --enable-cram=no \ - --enable-digest=no \ - --enable-otp=no \ - --enable-srp=no \ - --enable-plain=no \ - --enable-anon=no \ - --enable-ntlm=no \ - --enable-passdss=no \ - --enable-sample=no \ - --enable-login=no \ - --enable-gssapi=yes \ - --enable-krb4=no \ - --enable-sql \ - --with-mysql=/usr/include/mysql \ - --with-pgsql=/usr/include/pgsql \ - --enable-ldapdb=yes \ - --with-pam \ - --with-ldap +%configure --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/var/run/sasl2/ \ + --enable-checkapop=no \ + --enable-cram=no \ + --enable-digest=no \ + --enable-otp=no \ + --enable-srp=no \ + --enable-plain=no \ + --enable-anon=no \ + --enable-ntlm=no \ + --enable-passdss=no \ + --enable-sample=no \ + --enable-login=no \ + --enable-gssapi=no \ + --enable-gs2=no \ + --enable-scram=no \ + --enable-krb4=no \ + --enable-sql \ + --with-mysql=/usr/include/mysql \ + --with-pgsql=/usr/include/pgsql \ + --enable-ldapdb=yes \ + --with-pam \ + --with-ldap make sasldir=%{_libdir}/sasl2 %{?_smp_mflags} %install @@ -137,7 +116,6 @@ mkdir -p $RPM_BUILD_ROOT/sbin ln -sf ../etc/init.d/saslauthd $RPM_BUILD_ROOT/sbin/rcsaslauthd install -D -m 644 SuSE/sysconfig.saslauthd $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.saslauthd rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* -rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgssapiv2.* rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsasldb* rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libldapdb.la rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsql.la diff --git a/cyrus-sasl.changes b/cyrus-sasl.changes index 97ea70a..236054e 100644 --- a/cyrus-sasl.changes +++ b/cyrus-sasl.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + ------------------------------------------------------------------- Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com diff --git a/cyrus-sasl.dif b/cyrus-sasl.dif index 5d5a70a..a3c104e 100644 --- a/cyrus-sasl.dif +++ b/cyrus-sasl.dif @@ -1,150 +1,32 @@ Index: cmulocal/cyrus.m4 =================================================================== ---- cmulocal/cyrus.m4.orig 2009-04-28 17:09:13.000000000 +0200 -+++ cmulocal/cyrus.m4 2010-06-07 15:27:08.000000000 +0200 +--- cmulocal/cyrus.m4.orig ++++ cmulocal/cyrus.m4 @@ -37,7 +37,7 @@ AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ SAVE_LDFLAGS="${LDFLAGS}" LDFLAGS="-R /usr/lib" - AC_TRY_LINK([],[],[andrew_runpath_switch="-R"], [ + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ - LDFLAGS="-Wl,-rpath,/usr/lib" +# LDFLAGS="-Wl,-rpath,/usr/lib" - AC_TRY_LINK([],[],[andrew_runpath_switch="-Wl,-rpath,"], - [andrew_runpath_switch="none"]) + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], + [andrew_cv_runpath_switch="none"]) ]) Index: Makefile.am =================================================================== ---- Makefile.am.orig 2006-05-19 16:45:21.000000000 +0200 -+++ Makefile.am 2010-06-07 15:27:08.000000000 +0200 +--- Makefile.am.orig ++++ Makefile.am @@ -43,6 +43,7 @@ AUTOMAKE_OPTIONS = 1.7 # ################################################################ -+ACLOCAL_AMFLAGS="-I config" ++ACLOCAL_AMFLAGS=-I config -I cmulocal if SASLAUTHD SAD = saslauthd else -Index: configure.in -=================================================================== ---- configure.in.orig 2009-04-28 17:18:04.000000000 +0200 -+++ configure.in 2010-06-07 15:27:08.000000000 +0200 -@@ -52,6 +52,7 @@ AC_CACHE_LOAD - fi - - AC_CONFIG_AUX_DIR(config) -+AC_CONFIG_MACRO_DIR([config]) - AC_CANONICAL_HOST - AC_CANONICAL_TARGET - -Index: plugins/Makefile.am -=================================================================== ---- plugins/Makefile.am.orig 2009-04-28 17:09:17.000000000 +0200 -+++ plugins/Makefile.am 2010-06-07 15:27:08.000000000 +0200 -@@ -46,23 +46,10 @@ - - # Library version info - here at the top, for sanity - # CURRENT:REVISION:AGE --anonymous_version = 2:23:0 --digestmd5_version = 2:23:0 --kerberos4_version = 2:23:0 --gssapiv2_version = 2:23:0 --crammd5_version = 2:23:0 --passdss_version = 2:23:0 --sasldb_version = 2:23:0 --login_version = 2:23:0 --plain_version = 2:23:0 --ntlm_version = 2:23:0 --otp_version = 2:23:0 --sql_version = 2:23:0 --ldapdb_version = 2:23:0 --srp_version = 2:23:0 -+plugin_version = 2:23:0 - - INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include --AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -+AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir) -version-info $(plugin_version) - - COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@ - -@@ -82,73 +69,61 @@ EXTRA_LTLIBRARIES = libplain.la libanony - libntlm.la libpassdss.la libsasldb.la libsql.la libldapdb.la - - libplain_la_SOURCES = plain.c plain_init.c $(common_sources) --libplain_la_LDFLAGS = -version-info $(plain_version) - libplain_la_DEPENDENCIES = $(COMPAT_OBJS) - libplain_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) - - libanonymous_la_SOURCES = anonymous.c anonymous_init.c $(common_sources) --libanonymous_la_LDFLAGS = -version-info $(anonymous_version) - libanonymous_la_DEPENDENCIES = $(COMPAT_OBJS) - libanonymous_la_LIBADD = $(COMPAT_OBJS) - - libkerberos4_la_SOURCES = kerberos4.c kerberos4_init.c $(common_sources) --libkerberos4_la_LDFLAGS = -version-info $(kerberos4_version) - libkerberos4_la_DEPENDENCIES = $(COMPAT_OBJS) - libkerberos4_la_LIBADD = $(SASL_KRB_LIB) $(LIB_SOCKET) $(COMPAT_OBJS) - - libgssapiv2_la_SOURCES = gssapi.c gssapiv2_init.c $(common_sources) --libgssapiv2_la_LDFLAGS = -version-info $(gssapiv2_version) - libgssapiv2_la_DEPENDENCIES = $(COMPAT_OBJS) - libgssapiv2_la_LIBADD = $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(LIB_SOCKET) $(COMPAT_OBJS) - - libcrammd5_la_SOURCES = cram.c crammd5_init.c $(common_sources) --libcrammd5_la_LDFLAGS = -version-info $(crammd5_version) - libcrammd5_la_DEPENDENCIES = $(COMPAT_OBJS) - libcrammd5_la_LIBADD = $(COMPAT_OBJS) - - libdigestmd5_la_SOURCES = digestmd5.c digestmd5_init.c $(common_sources) --libdigestmd5_la_LDFLAGS = -version-info $(digestmd5_version) - libdigestmd5_la_DEPENDENCIES = $(COMPAT_OBJS) - libdigestmd5_la_LIBADD = $(LIB_DES) $(LIB_SOCKET) $(COMPAT_OBJS) - - liblogin_la_SOURCES = login.c login_init.c $(common_sources) --liblogin_la_LDFLAGS = -version-info $(login_version) - liblogin_la_DEPENDENCIES = $(COMPAT_OBJS) - liblogin_la_LIBADD = $(PLAIN_LIBS) $(COMPAT_OBJS) - - libsrp_la_SOURCES = srp.c srp_init.c $(common_sources) --libsrp_la_LDFLAGS = -version-info $(srp_version) - libsrp_la_DEPENDENCIES = $(COMPAT_OBJS) - libsrp_la_LIBADD = $(SRP_LIBS) $(COMPAT_OBJS) - - libotp_la_SOURCES = otp.c otp_init.c otp.h $(common_sources) --libotp_la_LDFLAGS = -version-info $(otp_version) - libotp_la_DEPENDENCIES = $(COMPAT_OBJS) - libotp_la_LIBADD = $(OTP_LIBS) $(COMPAT_OBJS) - - libntlm_la_SOURCES = ntlm.c ntlm_init.c $(common_sources) --libntlm_la_LDFLAGS = -version-info $(ntlm_version) - libntlm_la_DEPENDENCIES = $(COMPAT_OBJS) - libntlm_la_LIBADD = $(NTLM_LIBS) $(COMPAT_OBJS) - - libpassdss_la_SOURCES = passdss.c passdss_init.c $(common_sources) --libpassdss_la_LDFLAGS = -version-info $(passdss_version) - libpassdss_la_DEPENDENCIES = $(COMPAT_OBJS) - libpassdss_la_LIBADD = $(PASSDSS_LIBS) $(COMPAT_OBJS) - - # Auxprop Plugins - libsasldb_la_SOURCES = sasldb.c sasldb_init.c $(common_sources) --libsasldb_la_LDFLAGS = -version-info $(sasldb_version) - libsasldb_la_DEPENDENCIES = $(COMPAT_OBJS) - libsasldb_la_LIBADD = ../sasldb/libsasldb.la $(SASL_DB_LIB) $(COMPAT_OBJS) - - libldapdb_la_SOURCES = ldapdb.c ldapdb_init.c $(common_sources) --libldapdb_la_LDFLAGS = $(LIB_LDAP) -version-info $(ldapdb_version) -+libldapdb_la_LDFLAGS = $(LIB_LDAP) $(AM_LDFLAGS) - libldapdb_la_DEPENDENCIES = $(COMPAT_OBJS) - libldapdb_la_LIBADD = $(COMPAT_OBJS) - - libsql_la_SOURCES = sql.c sql_init.c $(common_sources) --libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) -version-info $(sql_version) -+libsql_la_LDFLAGS = $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE) $(AM_LDFLAGS) - libsql_la_DEPENDENCIES = $(COMPAT_OBJS) - libsql_la_LIBADD = $(COMPAT_OBJS) - Index: sasldb/Makefile.am =================================================================== ---- sasldb/Makefile.am.orig 2009-04-28 17:09:18.000000000 +0200 -+++ sasldb/Makefile.am 2010-06-07 15:28:37.000000000 +0200 +--- sasldb/Makefile.am.orig ++++ sasldb/Makefile.am @@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c @@ -162,3 +44,35 @@ Index: sasldb/Makefile.am +db_berkeley.lo: db_berkeley.o +allockey.lo: allockey.o + +Index: saslauthd/Makefile.am +=================================================================== +--- saslauthd/Makefile.am.orig ++++ saslauthd/Makefile.am +@@ -1,4 +1,5 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS=-I ../config -I ../cmulocal + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + +Index: plugins/gs2.c +=================================================================== +--- plugins/gs2.c.orig ++++ plugins/gs2.c +@@ -374,6 +374,7 @@ gs2_server_mech_step(void *conn_context, + mechs.elements = (gss_OID)text->mechanism; + + if (params->gss_creds == GSS_C_NO_CREDENTIAL) { ++fprintf(stderr,"calling gss_acquire_cred\n"); + maj_stat = gss_acquire_cred(&min_stat, + text->server_name, + GSS_C_INDEFINITE, +@@ -382,7 +383,9 @@ gs2_server_mech_step(void *conn_context, + &text->server_creds, + NULL, + &text->lifetime); ++fprintf(stderr,"gss_acquire_cred returned: %d\n", maj_stat); + if (GSS_ERROR(maj_stat)) ++fprintf(stderr,"gss_acquire_cred over and out: %d\n", maj_stat); + goto cleanup; + } + diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec index bbcd8ce..c549793 100644 --- a/cyrus-sasl.spec +++ b/cyrus-sasl.spec @@ -18,12 +18,10 @@ Name: cyrus-sasl -Version: 2.1.23 +Version: 2.1.25 Release: 14 BuildRequires: db-devel krb5-mini-devel openssl-devel opie pam-devel BuildRequires: libtool -Obsoletes: cyrus-sasl2 <= %{version} -Provides: cyrus-sasl2 = %{version} License: BSD4c(or similar) Group: Productivity/Networking/Other Url: http://asg.web.cmu.edu/sasl/ @@ -40,76 +38,61 @@ Source3: baselibs.conf Patch: cyrus-sasl.dif Patch1: shared_link_on_ppc.patch Patch2: cyrus-sasl-gcc4.patch -Patch3: cyrus-sasl-implicitfunc.dif -Patch4: cyrus-sasl-2.1.22-gcc44.patch +Patch3: cyrus-sasl-gs2-not-overwrite-minor-error-code.dif +Patch4: gssapi-null-deref.dif PreReq: %insserv_prereq %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build -# %package gssapi License: BSD4c(or similar) -Obsoletes: cyrus-sasl2-gssapi <= %{version} -Provides: cyrus-sasl2-gssapi = %{version} -Summary: cyrus-sasl plugin for the GSSAPI mechanism +Summary: Plugin for the GSSAPI SASL mechanism Group: Development/Libraries/C and C++ -Requires: cyrus-sasl -# +Requires: %{name} = %{version} %package crammd5 License: BSD4c(or similar) -Summary: cyrus-sasl plugin for the CRAMMD5 mechanism +Summary: Plugin for the CRAMMD5 SASL mechanism Group: Development/Libraries/C and C++ -Requires: cyrus-sasl -# cyrus-sasl2 was split in to several subpackages -# after SLES8, this "Provides" should be removed after -# EndOfLife of SLES8 -Provides: cyrus-sasl2:%{_libdir}/sasl2/libcrammd5.so -# +Requires: %{name} = %{version} %package digestmd5 License: BSD4c(or similar) -Summary: cyrus-sasl plugin for the DIGESTMD5 mechanism +Summary: Plugin for the DIGESTMD5 SASL mechanism Group: Development/Libraries/C and C++ -Requires: cyrus-sasl -# cyrus-sasl2 was split in to several subpackages -# after SLES8, this "Provides" should be removed after -# EndOfLife of SLES8 -Provides: cyrus-sasl2:%{_libdir}/sasl2/libdigestmd5.so -# +Requires: %{name} = %{version} %package otp License: BSD4c(or similar) -Summary: cyrus-sasl plugin for the OTP mechanism +Summary: Plugin for the OTP SASL mechanism Group: Development/Libraries/C and C++ -Requires: cyrus-sasl -# cyrus-sasl2 was split in to several subpackages -# after SLES8, this "Provides" should be removed after -# EndOfLife of SLES8 -Provides: cyrus-sasl2:%{_libdir}/sasl2/libotp.so -# +Requires: %{name} = %{version} %package plain License: BSD4c(or similar) -Summary: cyrus-sasl plugin for the PLAIN mechanism +Summary: Plugin for the PLAIN SASL mechanism Group: Development/Libraries/C and C++ -Requires: cyrus-sasl -# cyrus-sasl2 was split in to several subpackages -# after SLES8, this "Provides" should be removed after -# EndOfLife of SLES8 -Provides: cyrus-sasl2:%{_libdir}/sasl2/libplain.so -# +Requires: %{name} = %{version} %package ntlm License: BSD4c(or similar) -Summary: Implementation of Cyrus SASL API +Summary: Plugin for the NTLM SASL mechanism Group: Productivity/Networking/Other -Requires: cyrus-sasl -# +Requires: %{name} = %{version} + +%package gs2 +License: BSD4c(or similar) +Summary: Plugin for the GS2 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} + +%package scram +License: BSD4c(or similar) +Summary: Plugin for the SCRAM SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} %package devel License: BSD4c(or similar) -Obsoletes: cyrus-sasl2-devel <= %{version} -Provides: cyrus-sasl2-devel = %{version} # bug437293 %ifarch ppc64 Obsoletes: cyrus-sasl-devel-64bit @@ -117,7 +100,7 @@ Obsoletes: cyrus-sasl-devel-64bit # Summary: Cyrus SASL API Implementation, Libraries and Header Files Group: Development/Libraries/C and C++ -Requires: cyrus-sasl = %{version}, glibc-devel +Requires: %{name} = %{version}, glibc-devel %description This is the Cyrus SASL API. It can be used on the client or server side @@ -156,6 +139,16 @@ information. This is the Cyrus SASL API. It can be used on the client or server side to provide authentication. See RFC 2222 for more information. +%description gs2 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%description scram +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + %prep %setup -q -n cyrus-sasl-%{version} -a 1 if [ -e %{_builddir}/%{name}-%{version}/dlcompat-*/ ] @@ -167,43 +160,24 @@ fi %patch1 %patch2 %patch3 -p1 -%patch4 +%patch4 -p1 %build find . -name \*.cvsignore -print0 | xargs -0 rm -fv -%{suse_update_config -f config} -%{suse_update_config -f saslauthd/config} -# has old libtool macros (and nothing else) -rm -f acinclude.m4 -rm -f saslauthd/acinclude.m4 -rm -rf autom4te.cache -rm -rf saslauthd/autom4te.cache -libtoolize --force -aclocal -I cmulocal -I config -autoheader -autoconf -automake --add-missing --include-deps -autoconf -cd saslauthd -aclocal -I ../cmulocal -I config -I ../config -autoheader -autoconf -automake --add-missing --include-deps -cd - +autoreconf -f -i export CFLAGS="-fno-strict-aliasing $RPM_OPT_FLAGS" -export CPPFLAGS=-I/usr/include/heimdal %configure --with-pic \ - --with-plugindir=%{_libdir}/sasl2 \ + --with-plugindir=%{_libdir}/sasl2 \ --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ - --with-saslauthd=/var/run/sasl2/ \ - --enable-pam \ - --enable-sample \ - --enable-login \ - --enable-gssapi \ - --enable-ntlm \ - --enable-krb4=no \ - --enable-sql=no \ - --with-devrandom=/dev/urandom + --with-saslauthd=/var/run/sasl2/ \ + --enable-pam \ + --enable-sample \ + --enable-login \ + --enable-gssapi \ + --enable-ntlm \ + --enable-krb4=no \ + --enable-sql=no \ + --with-devrandom=/dev/urandom %{__make} %{?_smp_mflags} sasldir=%{_libdir}/sasl2 %install @@ -236,8 +210,8 @@ find $RPM_BUILD_ROOT -type f -name "*.la" -exec %{__rm} -fv {} + /usr/bin/* %doc %{_mandir}/man3/sasl.*.gz %doc %{_mandir}/man8/*.gz -%doc AUTHORS COPYING ChangeLog INSTALL NEWS README doc -%doc saslauthd/AUTHORS saslauthd/COPYING saslauthd/ChangeLog saslauthd/INSTALL saslauthd/LDAP_SASLAUTHD saslauthd/NEWS saslauthd/README +%doc AUTHORS COPYING ChangeLog NEWS README doc +%doc saslauthd/AUTHORS saslauthd/COPYING saslauthd/ChangeLog saslauthd/LDAP_SASLAUTHD saslauthd/NEWS saslauthd/README %files gssapi %defattr(-,root,root) @@ -263,6 +237,14 @@ find $RPM_BUILD_ROOT -type f -name "*.la" -exec %{__rm} -fv {} + %defattr(-,root,root) %{_libdir}/sasl2/libntlm.so* +%files gs2 +%defattr(-,root,root) +%{_libdir}/sasl2/libgs2.so* + +%files scram +%defattr(-,root,root) +%{_libdir}/sasl2/libscram.so* + %files devel %defattr(-,root,root) /usr/include/sasl diff --git a/gssapi-null-deref.dif b/gssapi-null-deref.dif new file mode 100644 index 0000000..df0b83a --- /dev/null +++ b/gssapi-null-deref.dif @@ -0,0 +1,22 @@ +Index: cyrus-sasl-2.1.25/plugins/gssapi.c +=================================================================== +--- cyrus-sasl-2.1.25.orig/plugins/gssapi.c ++++ cyrus-sasl-2.1.25/plugins/gssapi.c +@@ -370,7 +370,7 @@ sasl_gss_encode(void *context, const str + } + + if (output_token->value && output) { +- unsigned char * p = (unsigned char *) text->encode_buf; ++ unsigned char * p; + + ret = _plug_buf_alloc(text->utils, + &(text->encode_buf), +@@ -384,6 +384,8 @@ sasl_gss_encode(void *context, const str + return ret; + } + ++ p = (unsigned char *) text->encode_buf; ++ + p[0] = (output_token->length>>24) & 0xFF; + p[1] = (output_token->length>>16) & 0xFF; + p[2] = (output_token->length>>8) & 0xFF;